Oracle Releases Java Security Patch for Vulnerability

In a blog posted by Eric P. Maurice on Oracle’s official blog, Oracle has announced that they have released a Security Alert Update for the Java vulnerability that was found last week.

In the Security Alert, they specifically state the Security Update actually patches two vulnerabilities found in the Java implementation running in browsers. They also note that this vulnerability that had been found did not affect desktop, embedded (Android), or server implementations of Java.

Oracle states, "Due to the severity of these vulnerabilities, the public disclosure of technical details and the reported exploitation of CVE-2013-0422 "in the wild," Oracle strongly recommends that customers apply the updates provided by this Security Alert as soon as possible."

The update can be found here or downloaded directly from Oracle’s servers located here.

Part of the fix actually changes the default security options of Java to prompt the user whenever a new applet or Java Web Start application is run. In order for the exploit to be successfully executed, an attacker needs to trick an unsuspecting user into browsing a malicious website. The execution of the malicious applet within the browser of the unsuspecting users then allows the attacker to execute arbitrary code in the vulnerable system. These vulnerabilities are applicable only to Java in web browsers because they are exploitable through malicious browser applets.

It seems like Oracle has been working feverishly to implement a fix for this vulnerability and it seems to be somewhat under control with the latest security update.